FC: Symantec, McAfee backpedal furiously on espionage enabled-software

[Declan McCullagh <declan () well com>]

Previous messages:

"Symantec pledges to acquiese to FBI backdoor demands"
http://www.politechbot.com/p-02851.html

"McAfee broadens denial: No contact with government of any sort"
http://www.politechbot.com/p-02846.html

There are at least two issues here: (1) Have the antivirusware makers 
contacted or been contacted by law enforcement re: Magic Lantern or a 
product with similar reported capabilites? (2) Will the antivirusware 
makers acquiese if contacted in the future? (More broadly, will security 
software makers put their customers' interests first? And if you conclude 
that you can trust them and you've guessed wrongly, being able to call them 
liars once your privacy and security are invaded may be faint consolation.)

We've now heard contradictory reports from both Symantec and McAfee, though 
I'm inclined to believe McAfee's public, on-the-record statements.

-Declan

---

From: "Trei, Peter" <ptrei () rsasecurity com>
To: "'declan () well com'" <declan () well com>
Subject: Symantic, McAfee backpedal furiously on espionage enabling their 
AV code.
Date: Tue, 11 Dec 2001 09:55:16 -0500

I'm trying to decide if these statements
are airtight. I wish the vendors had
unambiguously stated that they do
their very best to detect and neutralize
*all* viruses and trojans, regardless of
their source, and will continue to do so
in the future.

Peter Trei


-------------------------

http://dailynews.yahoo.com/h/nm/20011210/tc/attack_tech_dc.html

Monday December 10 8:30 PM ET

Antivirus Firms Say They Won't Create
FBI Loophole

By Elinor Mills Abreu

SAN FRANCISCO (Reuters) - Anti-virus software vendors said
on Monday they don't want to create a loophole in their
security products to let the FBI (news - web sites) or other
government agencies use a virus to eavesdrop on the computer
communications of suspected criminals.

Under a project code named "Magic Lantern," the
U.S. Federal Bureau of Investigation is creating an
e-mail-borne virus or Trojan horse that hides itself on the
computer and captures all keystrokes made, including
passwords that could be used to read encrypted mail,
according to a report on MSNBC.com in November.

Despite subsequent reports to the contrary, officials at
Symantec Corp. (Nasdaq:SYMC - news) and Network Associates
Inc. (Nasdaq:NETA - news) said they had no intention of
voluntarily modifying their products to satisfy the
FBI. Spokesmen at two other computer security companies,
Japan-based Trend Micro Inc. (Nasdaq:TMIC - news) and the
U.S. subsidiary of UK-based Sophos PLc., made similar
statements.

All four anti-virus companies said they had not contacted or
been contacted by the U.S. government on the matter.

[...]




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------